Towards Policy Enforcement Point as a Service (PEPS)
Shaghaghi, A., Kaafar, M. A. D., Scott-Hayward, S., Kanhere, S. S., & Jha, S. (2017). Towards Policy Enforcement Point as a Service (PEPS). In Proceedings of the IEEE Conference on Network Functions Virtualization and Software-Defined Networking. Palo Alto, California: Institute of Electrical and Electronics Engineers (IEEE).

Published in: Proceedings of the IEEE Conference on Network Functions Virtualization and Software-Defined Networking
Document Version: Peer reviewed version
Publisher rights: 2016 IEEE. This work is made available online in accordance with the publisher's policies. Please refer to any applicable terms of use of the publisher.

Arash Shaghaghi (1,2), Mohamed Ali (Dali) Kaafar (2), Sandra Scott-Hayward (3), Salil S. Kanhere (1) and Sanjay Jha (1)
(1) School of Computer Science and Engineering, UNSW Australia, Sydney, Australia
(2) Data61, CSIRO, Australia
(3) Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland
Contact: a.shaghaghi@unsw.edu.au

Abstract

In this paper, we coin the term Policy Enforcement as a Service (PEPS), which enables the provision of innovative inter-layer and inter-domain Access Control. We leverage the architecture of Software-Defined-Network (SDN) to introduce a common network-level enforcement point, which is made available to a range of access control systems. With our PEPS model, it is possible to have a defense in depth protection model and drop unsuccessful access requests before engaging the data provider (e.g. a database system). Moreover, the current implementation of access control within the trusted perimeter of an organization is no longer a restriction so that the potential for novel, distributed and cooperative security services can be realized. We conduct an analysis of the security requirements and technical challenges for implementing Policy Enforcement as a Service. To illustrate the benefits of our proposal in practice, we include a report on our prototype PEPS-enabled location-based access control.

I. INTRODUCTION

With Software-Defined-Network (SDN), the separation of control and data plane and programmability in the network enable provision of enhanced security systems. A diverse set of proposals have emerged that exploit the architecture of SDN, and specifically the network-wide view of SDN controllers, to implement reactive monitoring and automated response systems. Recently, an emerging body of literature is shaped around the idea of using SDN to introduce innovative security services.
We follow the latter approach and leverage the capabilities of SDN in moving towards a new model of access control enforcement, which could potentially open the door to a range of new types of security services.

Access control systems limit the operations of legitimate users [19]. The main components of an access control system include Policy Decision Point (PDP), Policy Repository (PR) and Policy Enforcement Point (PEP). Accordingly, an authorization flow involves the PDP retrieving the user access request, querying the PR for matching policies, and the PEP enforcing the decision. Figure 1 illustrates a typical access control process flow between a Database Management System (DBMS), as the Data Provider (DP), and a user at a remote network, as the Data Requestor (DR). An access request by a DR is sent from the DR network to the DP network, where the DBMS makes the access decisions and enforces them. In other words, with this setup, an access request reaches DR at application-layer and only then is decided about. Hence, an attacker is allowed to engage the system and its hosting network and possibly execute certain types of attacks such as Denial of Service (DoS) or port scanning.

Fig. 1: A typical access control process flow between a Data Provider (DP) and Data Requestor (DR) located in separate networks.

In this paper, we propose to leverage the capabilities brought by SDN to introduce programmable network-level policy enforcement points, which application-layer services may subscribe to. The extra enforcement points serve to create a defense in depth [3, p. 308] model of protection and improve the protection of services hosted in enterprise-like networks. PEPS enables applications such as DBMS to enforce dynamic access control policies both at a lower-level (i.e. network-level enforcement rather than application-level) and closer to the DR's network (i.e. inter-domain enforcement).
In effect, PEPS enables authorized system resources to push pre-approved policies to a purpose-built SDN application, which enforces these policies at the level of SDN switches. We coin Policy Enforcement Point as a Service (PEPS) for this model of enforcement. Referring to Figure 1, with PEPS, instead of waiting for the requests to reach the DBMS's PEP, the DBMS may instruct the network to drop requests originated from a specific network address for a certain period. Similarly, for Quality of Service (QoS) purposes the DBMS may instruct the firewall to adjust traffic volume forwarded to it. Moreover, if the two network domains were to collaborate, the DBMS may push dynamic and pre-approved policies to the DR's network and block
unauthorized access requests either pro-actively or reactively. For example, access requests from non-secure areas of a building destined to the DBMS may be dropped as early as entering the DR's network. Recall that in a defense in depth model of protection, the outer-layer defenses may be less reliable than the inner layers. Hence, if, for any reason, the DR's network fails to adhere to the remote policies, the standard DR's PEP is still in effect.

The resulting protection with PEPS is significantly different and novel compared to the status quo. In fact, from an access control viewpoint, the extra enforcement points at SDN's data plane facilitate moving towards distributed and cooperative enforcement of access control for applications and services. PEPS also motivates a new line of thought in access control, which is deploying verifiable protection points beyond the trusted perimeter of an organization.

The rest of this paper is structured as follows. In Section II we briefly review background information on Access Control and SDN security. Thereafter, in Section III, we elaborate on our motivation and preliminary technical requirements for implementing PEPS. In Section IV, we report on our prototype implementation of a PEPS-enabled location-based access control (LBAC) system. The advantages of our LBAC compared to the state of the art are discussed to motivate further investigation of various applications of PEPS. We conclude this paper specifying our work-in-progress and outlining suggestions for future work.

II. BACKGROUND

A. Access Control

Every user's attempt to interact with protected resources is mediated by access control - one of the oldest information security mechanisms. During the last decade, an increasing number of major data leakage incidents are associated with the failure of access control [8]. Security researchers [17], [25], [27] associate this with the incompatibility of currently implementable access control with today's requirements.
Hence, an increasing number of researchers are investigating innovative proposals to change this condition [9]. One of the promising directions is the interaction of access control with other security services. For example, Crampton et al. propose integrating intrusion detection systems with access control systems [6].

Distributed access control is a fairly recent trend in access control. For example, in [24], the authors propose having multiple principals defining the policies for the PDP. Nevertheless, the enforcement is through a single trusted reference monitor. Digital Rights Management (DRM) [22] is another example, which is constituted of distributed enforcement. With DRM, the client-side enforcement is, in fact, an extra point of enforcement that facilitates a more granular control over information. DRM is well-recognized and appreciated by industry, and its architecture has been inspiring for our work.

B. Software-Defined-Network Security

SDN security literature may be split into two main categories: securing the Software-Defined-Network itself, or leveraging the capabilities of this technology for security services. In [20], Scott-Hayward et al. provide a categorization of the security issues associated with the SDN framework, and detail the body of literature focussed on solutions to these threats. The security requirements of PEPS defined in 3.3 rely on such solutions.

On the other hand, SDN facilitates the provision of reactive and automated monitoring, analysis and response systems. The key SDN characteristics contributing here are the network-wide view for centralized monitoring [2] and the programmability of SDN to redirect selected network traffic through middleboxes (see [4], [10], and [18] for examples). Along with the improvement of traditional security solutions via SDN, novel security services are also built on top of SDN.
For example, [11] uses SDN to develop an architecture that enables residential internet customization, which could be used to secure household appliances. [15] and [21] also introduce innovative services. Recently, a small number of solutions extend the Authentication, Authorization, and Accounting (AAA) functionality using the SDN controller and focus on identity management and authentication mechanisms (e.g. [14] and [7], [23]). Our PEPS model is a network-level access control implementation deployed at the SDN data plane.

III. POLICY ENFORCEMENT AS A SERVICE

A. Motivation

Every organization has a number of systems equipped with their own access control mechanism, e.g. file systems, firewalls, location-detection, etc. The access control component of these systems operates independently. Hence, if any of these PEPs fail then unauthorized access to data is inevitable. As mentioned in Section II-A, distributed reference monitors have been previously investigated in the literature. However, to the best of our knowledge, the idea of having cooperation among PEPs has not yet been explored.

Recalling that in most cases access requests to data, or resources, are mediated through the network, we believe it is possible to place a shared enforcement point for all services to use. However, unlike firewalls, this component has to adhere to dynamic policies and requirements of application-layer systems.

Moreover, letting applications such as DBMS instruct the network may result in better and more dynamic network management. For example, assume at time t of day d the network infrastructure hosting the DBMS is congested and can only handle 50 concurrent connections to DBMS due to the global QoS requirements. Accordingly, the DBMS administrator defines a policy to drop connection requests beyond 50 and instructs the DBMS PEP to limit the total number of requests from a single source to 10.
The issue with this arrangement is that the UNSW network Admin has to trust the DB Admin and the DBMS access control for this, as such temporary policies are application-dependent and are unknown to network components such as a firewall. Furthermore, with application-level access control, traffic still reaches the
network and attacks such as DoS may still target the network hosting the DBMS. Thirdly, dropping traffic associated with unauthorized requests closer to the source would save significant traffic from flowing over the networks or Internet.

B. Proposed Approach

We propose designing a shareable enforcement point at network-level, which is made available to application-layer access control systems. The shareable enforcement point is made available as a service, and applications or services need to subscribe to use it. We coin the term Policy Enforcement as a Service, or PEPS, for this security service.

Relying on traditional networks and deploying middle-boxes for PEPS would be challenging. Specifically, policy conflict resolution and performance management will be inefficient and troublesome. However, the SDN architecture is well-suited for such requirements since the controller composes policies received by various applications and there is an on-going effort to optimize this process with respect to dynamic and reactive policies.

In SDN, the control plane entails both PR and PDP and the data plane is equivalent to PEP in access control. In essence, the SDN controller takes as input an extra set of policies for PEPS, which may be defined by local or remote application-layer access control systems. We design an SDN application responsible for retrieving these policies and submitting them to the network operating system.

C. Assumptions

We require the following assumptions to hold:
- The SDN controller and external SDN applications are assumed to be secure and able to communicate securely (e.g. using TLS).
- The SDN data plane is not compromised.
- The east and west bound communication link between controllers in different networking domains is secure.

As mentioned in Section II-B, there is an ever-expanding body of literature exploring the security of SDN both at data plane and control plane.
Similar to various proposals that leverage SDN to introduce novel services and applications (see Section II-B), we focus on our proposed system assuming the underlying platform is reasonably reliable and secure.

D. Security Requirements

A PEPS solution should be designed and implemented such that a malicious subscriber, whether in the same perimeter or not, cannot:
- Violate the policy specifications of the service provider through the remote policies.
- Violate the policy specifications of other services, which use the enforcement point, whether in the same perimeter or not.
- Affect the performance of the SDN controller itself. For example, causing a DoS attack with constant update of the remote policies.

Fig. 2: Abstract representation of Policy Transfer (PT) and Remote Policy Transfer (RPT) in SDN networks deploying PEPS. Switches in red and green colour are affected by PT and RPT, respectively.

E. Main Components and Requirements

Figure 2 shows the main components required in an SDN network deploying PEPS. Policy Transfer is the standard protocol used to define policies at application-layer (e.g. by DBMS) for network-level SDN application. Similarly, Remote Policy Transfer is used to translate application-layer policies for a remotely located SDN network deploying PEPS. RPT is securely exchanged over east and westbound link between controllers and PT is exchanged over a secure connection. Conflicting policies will result in one or more of the threats mentioned in Section III-D. Therefore, we have to ensure the following three requirements are met:

Requirement 1: Let $P$ be the set of policies for controller $C_1$, which is in domain $D_1$ and governs over the set of switches $S$. We define $P_r$ as the PT for $C_1$ and say: $P_i$ is a valid PT for $P$ if and only if $P = \{P\ P_r\}$ does not violate the original policy specification $P$.

Requirement 2: ensures the remote policies do not conflict with original policy specification. Therefore, we just replace PT with RPT in Requirement 1.

Policy composition and conflict detection is an ongoing challenge in Software-Defined-Network [12]. In order to prevent adding further complications to this domain with PEPS, it is best to restrict the capabilities of RPT at this time. We propose restricting a PEPS service subscriber to submitting only RPT that relate to flows destined directly towards it (e.g. DB in Domain B may only set RPT at domain A for traffic flowing towards its own domain). Moreover, the priority of rules set after conversion of RPT should always be set below any matching policy set locally. Accordingly, we define Requirement 3:

Requirement 3: Let $P$ be the set of policies for controller $C_1$, which is in domain $D_1$ and governs over the set of switches $S$ and has been defined locally. We define $P_r$ as the remote policy for $C_1$, which is generated according to RPT. Then, having $P_{r_i}$ that $P_i$ results in $P_i$ OVERRIDES $P_{r_i}$ in the final policy set $P = \{P\ P_r\}$.

F. Practical Considerations

Multi-Table Pipeline: the data plane of SDN supports Flow Table Pipeline (FTP) - introduced with OpenFlow specification
V1.1 to improve the flow processing performance [1]. The pipeline consists of multiple flow tables. The incoming packet is first matched with the first flow table, where the specified actions could direct the packet to another flow table for further processing of the packet. With this redirection mechanism, the SDN control plane could build a logical single source directed acyclic graph on the FTP for processing.

To implement non-conflicting remote policies we propose customized use of FTP. All flow rules resulting from PT or RPT should be added to the last flow table. This flow table is directly managed by our purpose-built PEPS APP. The incoming flow to the switch is first matched against all but the last flow table (i.e. rules required by local policies are first processed), and if a flow is still allowed, then it is passed to the final flow table for processing. In other words, let $FTP$ be a set of flow tables $\{FT_1, FT_2, \ldots, FT_n\}$, with $FT_i$ for $i < n$ generated according to the set of policies $P$ for controller $C_1$, and $FT_n$ set according to remote policy $P_r$ for $C_1$. Then, an incoming packet $Pckt$ is MATCHED against $FT_i$ for i < n 1. The resulting $Pckt$ is then MATCHED against $FT_n$. This simplifies conflict resolution between local and remote policies when using FTP.

Multiple PEPS SDN Application Instances: PEPS APP is installed on networks deploying the PEPS model of enforcement. This application is responsible for retrieving PT and RPT and converting them into flow-table rules for submission to the controller. PEPS should be securely connected to application-layer services sending PT or RPT. Moreover, we must ensure PEPS has minimum impact on the controller performance. Network-Function-Virtualization (NFV) may be used to improve the PEPS performance.

IV. PEPS IN PRACTICE

We now report on our prototype implementation of a PEPS-enabled location-based access control. This section aims to highlight the advantages of PEPS in practice and motivate future work.
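
The multi-table arrangement of Section III-F, together with the RPT scoping restriction and Requirement 3, as an added Go sketch that is not the authors' PEPS APP or Floodlight code: local rules occupy the earlier tables, and a remote rule is admitted only if it targets the subscriber's own prefix and is then placed in the last table. The rule model, `InstallRPT`, `Decide`, the table-miss behaviour and all addresses are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

type Verdict string
const (
	Pass Verdict = "pass" // hand the packet to the next table
	Drop Verdict = "drop"
)

// Rule is a simplified flow rule matching on source and destination prefix.
type Rule struct {
	Src, Dst netip.Prefix
	Priority int
	Verdict  Verdict
}
type Table []Rule

// lookup returns the verdict of the highest-priority matching rule.
// A table miss passes the packet on (an assumption of this sketch).
func (t Table) lookup(src, dst netip.Addr) Verdict {
	best, verdict := -1, Pass
	for _, r := range t {
		if r.Src.Contains(src) && r.Dst.Contains(dst) && r.Priority > best {
			best, verdict = r.Priority, r.Verdict
		}
	}
	return verdict
}

// Switch models the pipeline. Local holds the tables built from the local
// policy P; Peps is the last table and the only place PT/RPT rules go.
type Switch struct {
	Local []Table
	Peps  Table
}

// Subscriber is a service (e.g. the DBMS) and the prefix it is reachable on.
type Subscriber struct {
	Name  string
	Owned netip.Prefix
}

func NewSubscriber(name, cidr string) Subscriber {
	return Subscriber{name, netip.MustParsePrefix(cidr).Masked()}
}

var ErrScope = errors.New("RPT may only match traffic destined to its subscriber")

// InstallRPT admits a remote rule only if every destination it matches lies
// inside the subscriber's own prefix, then appends it to the last table.
func (s *Switch) InstallRPT(sub Subscriber, src, dst string, prio int, v Verdict) error {
	sp, err := netip.ParsePrefix(src)
	if err != nil {
		return err
	}
	dp, err := netip.ParsePrefix(dst)
	if err != nil {
		return err
	}
	if dp.Bits() < sub.Owned.Bits() || !sub.Owned.Contains(dp.Addr()) {
		return fmt.Errorf("%w: %s is outside %s (%s)", ErrScope, dp, sub.Owned, sub.Name)
	}
	s.Peps = append(s.Peps, Rule{sp.Masked(), dp.Masked(), prio, v})
	return nil
}

// Decide walks the pipeline: every local table first, the PEPS table last,
// so a remote rule can never undo a local drop (Requirement 3).
func (s *Switch) Decide(src, dst string) string {
	sa, da := netip.MustParseAddr(src), netip.MustParseAddr(dst)
	for _, t := range s.Local {
		if t.lookup(sa, da) == Drop {
			return "drop:local"
		}
	}
	if s.Peps.lookup(sa, da) == Drop {
		return "drop:peps"
	}
	return "forward"
}

// NewDomainASwitch: constructed switch in the DR's network; its local policy quarantines 10.1.66.0/24.
func NewDomainASwitch() *Switch {
	any4 := netip.MustParsePrefix("0.0.0.0/0")
	quarantine := Rule{netip.MustParsePrefix("10.1.66.0/24"), any4, 10, Drop}
	return &Switch{Local: []Table{{quarantine}}}
}

func main() {
	sw := NewDomainASwitch()
	db := NewSubscriber("dbms-domain-B", "10.2.0.10/32") // constructed address
	fmt.Println(sw.InstallRPT(db, "10.1.20.0/24", "10.2.0.10/32", 5, Drop)) // in scope
	fmt.Println(sw.InstallRPT(db, "10.1.0.0/16", "10.3.0.0/16", 5, Drop))   // out of scope
	fmt.Println(sw.Decide("10.1.20.4", "10.2.0.10"), sw.Decide("10.1.66.9", "10.2.0.10"))
}
```
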

Location-based access controls rely on the user's location as one of the attributes when making access decisions. There are simple solutions to retrieve the user's location. For example, it is possible to retrieve the user's location using the device's integrated peripherals such as a GPS device. However, proof of presence is a challenging aspect of location-based services, especially for an indoor environment. As thoroughly discussed in [16], proof of presence schemes can be categorized into beaconing-based, context-based and distance-bounding based approaches. Most of the proof of presence solutions are challenged for one or more of the following reasons: requiring specialized hardware or software, being immobile, unable to track movement in real-time (or requiring extensive ongoing context scans either by Data Provider or Data Requestor), being computationally hard or infeasible, or being extremely privacy-invasive. Hence, in practice, the adoption of these schemes by organizations is challenging (e.g. [13], [26]).

Here, we propose and implement two alternative approaches to ensure proof of presence and enforce location-based access control using the PEPS model. These schemes are not originally built to replace existing solutions. Instead, we are interested in using them as the first layer of defense (i.e. the outer layer of the defense in depth model).

We define a scenario in which there are two organizations, both with SDN networks. The Data Provider (DP) resides in network B, and the Data Requestor (DR) is located in network A. We have implemented the following scheme within a simulated environment using Mininet and Floodlight V.1 running as the SDN controllers. The applications have been developed for this controller and communicate over a secure TLS connection with an open source database server, MariaDB, as the Data Provider. We have integrated an extra module into MariaDB, which mediates communication and coordinates with SDN PEPS APP both in the local and remote networks.

PEPS-enabled location-based access control with real-time location tracking

SDN-based location tracking: we use OpenFlow to retrieve the location of users in real-time. This is a new approach to track users and can be easily deployed without any specialized hardware in SDN networks. Whenever a packet is received by a switch and it does not match any of its existing forwarding rules, a packet-in message containing the switch ID and port ID is sent to the governing controller. The controller uses this information to create a dynamic geo-location lookup table. This table matches the user's device IP to a switch port. The network locations retrieved through switch ID can be matched to different sections within the building. For example, in Figure 3, Location 1 is associated to AP 1. An issue to consider for wireless devices would be managing the signal coverage that could mislead this scheme. This can be solved using proper and careful positioning of these devices and signal blocking solutions [5]. Indeed, the cost of doing so is much lower than having specialized equipment for location detection. Moreover, an important advantage of this scheme is that unlike most proof of presence schemes, it is capable of tracking the movement of the user around the locations in real-time. It is possible to ensure that this scheme is secure against IP Spoofing by setting a rule that only packets from a specific IP address are forwarded from the switch port.

PEPS-based Access Enforcement: at this point, using the above scheme, we build a location-based access control model on top of our PEPS model. As depicted in Figure 3, we require an SDN-Location App (equivalent to PEPS APP referred to earlier) installed on both DP and DR networks. An RPT, issued by the DP, defines that any traffic destined to DP is dropped unless the SDN-Location APP on the requesting side initiates a valid session with the same application on the provider side.
A valid session requires that the user requesting data be located by the SDN-Location App and be allowed to communicate with DP in accordance with the rules extracted from RPT. Only then is a host allowed to send a request for data. As also depicted in Figure 3, compared to existing approaches,
with our location-based access control model there are extra network-level enforcement points both at source network and host.

Fig. 3: Policy enforcement points that exist with PEPS are depicted within a simplified location-based access control. Without PEPS, the only PEP would be at DP.
Fig. 4: Representation of proposed ticketing protocol.
Fig. 5: Assumptions and requirements for the location-ticket (LT) scheme.

PEPS-enabled location-based access control with location-tickets

The SDN-based Location Ticketing Scheme: it is possible to use the same location detection scheme to generate location tickets - rather than real-time tracking. The assumptions and requirements for the location-ticket scheme are depicted in Figure 5. Each controller and user are equipped with a public and private key. The DR creates a Location Ticket Request LTR containing the DR's IP address, public key and time. It digitally signs LTR and sends it to the SDN-Location App running on top of the controller. The signature is verified, and the IP address is compared with the one in the packet header. If the IP is legitimate, the user's location is retrieved using the same mechanism described earlier. A Location Ticket (LT) is then generated using the DR's IP address, its public key, time and location. LT is signed and sent along with LT to the DR. The protocol is represented in Figure 4. The proposed location ticket scheme binds the DR's IP and public key together. This helps to prevent one of the main threats against proof of presence schemes such as Sybil Attack, where users create several fake identities in several locations within the network.

PEPS-based Access Enforcement: the location-ticket scheme facilitates the integration of PEPS with existing applications and services. Specifically, unlike the real-time approach, there is no requirement of having SDN APP on both DP and DR.
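
The packet-in lookup table and the location-ticket exchange described above, as an added Go sketch that is not the authors' SDN-Location App: the controller-side app learns device locations from packet-in reports, checks a signed LTR against the packet header, and returns a signed LT. Ed25519 as the signature scheme, the signed byte encoding, the 30-second freshness window, the Data Provider's `VerifyLT` check and all addresses are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

const maxAge = 30 // seconds an LTR or LT stays acceptable (assumed value)
// LTR is the Location Ticket Request, LT the ticket. Fields follow the paper;
// the "|"-separated byte encoding that gets signed is an assumption.
type LTR struct {
	IP   string
	Pub  ed25519.PublicKey
	Time int64 // Unix seconds
	Sig  []byte
}
type LT struct {
	LTR      // the DR's IP and public key, issue time, controller's signature
	Location string
}

func (r LTR) msg() []byte { return []byte(fmt.Sprintf("LTR|%s|%x|%d", r.IP, r.Pub, r.Time)) }
func (t LT) msg() []byte  { return []byte(fmt.Sprintf("LT|%s|%x|%d|%s", t.IP, t.Pub, t.Time, t.Location)) }
func fresh(issued, now int64) bool { return issued <= now && now-issued <= maxAge }
func signedBy(pub ed25519.PublicKey, msg, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

type Party struct { // key pair; the DR's device and the controller each have one
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty() Party {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return Party{pub, priv}
}

// Request builds the LTR a device signs, claiming the given source address.
func (p Party) Request(claimedIP string, now int64) LTR {
	r := LTR{IP: claimedIP, Pub: p.Pub, Time: now}
	r.Sig = ed25519.Sign(p.priv, r.msg())
	return r
}

// LocationApp is the SDN-Location App on top of the controller.
type LocationApp struct {
	Party
	hosts map[string]string // device IP -> "switch:port", learned from packet-in
	zones map[string]string // "switch:port" -> place in the building
}

func NewLocationApp(zones map[string]string) *LocationApp {
	return &LocationApp{NewParty(), map[string]string{}, zones}
}

// PacketIn handles a table-miss report carrying switch ID and ingress port.
func (a *LocationApp) PacketIn(sw string, port int, srcIP string) {
	a.hosts[srcIP] = fmt.Sprintf("%s:%d", sw, port)
}

// Issue checks an LTR against header and lookup table, then signs a ticket.
func (a *LocationApp) Issue(r LTR, headerIP string, now int64) (LT, error) {
	zone, located := a.zones[a.hosts[headerIP]]
	switch {
	case !signedBy(r.Pub, r.msg(), r.Sig):
		return LT{}, fmt.Errorf("bad LTR signature")
	case r.IP != headerIP:
		return LT{}, fmt.Errorf("LTR address %s differs from header %s", r.IP, headerIP)
	case !fresh(r.Time, now):
		return LT{}, fmt.Errorf("LTR not fresh")
	case !located:
		return LT{}, fmt.Errorf("device %s has not been located", headerIP)
	}
	t := LT{LTR{IP: r.IP, Pub: r.Pub, Time: now}, zone}
	t.Sig = ed25519.Sign(a.priv, t.msg())
	return t, nil
}

// VerifyLT: a check a Data Provider could apply to a presented ticket (assumed step).
func VerifyLT(t LT, controller ed25519.PublicKey, peerIP string, allowed map[string]bool, now int64) error {
	if !signedBy(controller, t.msg(), t.Sig) || !fresh(t.Time, now) {
		return fmt.Errorf("ticket signature invalid or ticket expired")
	}
	if t.IP != peerIP || !allowed[t.Location] {
		return fmt.Errorf("ticket for %s at %q does not satisfy the policy", t.IP, t.Location)
	}
	return nil
}

func main() {
	app := NewLocationApp(map[string]string{"s1:3": "Location 1"}) // constructed
	app.PacketIn("s1", 3, "10.1.0.7")
	lt, err := app.Issue(NewParty().Request("10.1.0.7", 1000), "10.1.0.7", 1001)
	fmt.Println(lt.Location, err, VerifyLT(lt, app.Pub, "10.1.0.7", map[string]bool{"Location 1": true}, 1010))
}
```

The sketch does not make the Data Provider challenge the presenter for possession of the private key bound into the ticket; a deployment relying on the IP and public key binding would need such a step.
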

A location ticket issued by SDN APP at DR may be provided to any application or service requesting proof of presence. The LT scheme also removes the requirement of session establishment between remote controllers, which may be more practical in many scenarios. We implemented the LT scheme and sent location tickets along with access requests to MariaDB as part of our prototype implementation.

A. Security and Performance Analysis

Performance Analysis: we simulated a network with 32 switches and four threads and sent location ticket requests to the application running on top of the controller. Figure 5.a shows the standard performance of the Floodlight controller when not running the SDN-Location App. We then ran the application and issued 1000 LTR. The controller performance was steady and the cumulative distribution function (CDF) showed reasonable performance impact. However, as we increased the LTR numbers, the performance of the controller when handling incoming flows degraded (compare Figure 5.b with 5.a). This points us to the fact that it may be a better approach to outsource demanding processes and use solutions such as NFV.

Security Analysis: we include an analysis of the SDN-based location detection scheme. The security and performance of PEPS is included in Section 5. The scheme does not rely on the user's device peripherals and is built on capabilities available at network infrastructure level. Hence, it is much harder for an attacker to compromise the system. Also, since this scheme does not rely on context measurement information, it is secure against most recent attacks including Context Guessing Attack [16]. Moreover, this scheme could be used as a standalone solution not for proof of presence but actual location detection. If so, it allows the protection of the user's privacy against service providers that retrieve a huge amount of personal information when retrieving the device location. However, the original scheme is vulnerable to the Wormhole attack.
It is possible to solve this problem using authenticated Ping and various other network delay measurement techniques. As further security analysis
and improvement is beyond the scope of this paper, we leave this for our future work.

Fig. 6: Abstract representation of progressive layered firewall model.

V. DISCUSSION

As illustrated in Figure 3, our PEPS-based access control model allows having a defense in depth model of protection. This change in access control enforcement has several advantages. For example, it allows network bandwidth to be saved by blocking unauthorized requests at the source. It also enables s of certain categories of attacks, where the attack is based on challenge and response (e.g. Port Scanning). Evidently, dropping traffic before engaging services or systems also facilitates protection against DoS threats.

PEPS enables having a more context-aware access control. For example, if the remote enforcement is not blocking traffic as expected then it could be considered as less trustworthy. Accordingly, if controllers in different domains were to share knowledge about this, they could block all, or specific, access requests originated from the suspicious network until further investigation (e.g. the controller may be compromised or the PEPS APP may be malfunctioning).

We presume the aforementioned are only some of the advantages brought by a PEPS model of access control enforcement. Specifically, the co-operation of domains in access control could lead to developing novel security services never sought before. For example, we are investigating the development of a PEPS-enabled inter-domain firewall system, which gradually and progressively applies policies (see Figure 6 for an abstract representation). In other words, the RPT mechanism used to define non-conflicting remote policies could be used between firewall applications of SDN controllers to progressively block unwanted traffic reaching an organization network.
It should be noted that, from a practical point of view, such an approach may not have been feasible with existing firewall solutions without SDN and the conceptualization of PEPS. For example, firewalls may have been from different providers and cooperation would not have been feasible. We leave further investigation and exploration as future work.

PEPS is currently at its conception phase and requires much further exploration and development before coming into practice. Specifically, the translation of PT and RPT for the network hosting PEPS is a challenging issue, e.g. which forwarding devices will have to apply the remote policies in the network. Moreover, the impacts of PEPS on network performance and security threats associated with it require proper analysis. Recall that our early performance evaluation is not prohibitive (see Section IV).

Fig. 7: Impact of SDN-Location APP on Floodlight controller. Figure (a) is without the application running and Figure (b) is with the application running.

VI. CONCLUSION AND FUTURE WORK

In this paper, we revisited the Policy Enforcement Point (PEP) of access control. We introduced Policy Enforcement Point as a Service, or PEPS, by leveraging the capabilities of Software-Defined-Network (SDN). PEPS allows cooperation of PEP among application-layer and network-layer services either in the same network or remote domains. It enables improving the security of application-layer services hosted in networks and promises the development of innovative collaborative network-based security services. Beyond conceptualization, we made an early attempt to discuss practical requirements for PEPS and reported on our prototype implementation. Detailed analysis of some of the security challenges of PEPS and a more technical exploration on how to integrate remote policy is left as our future work.

REFERENCES

[1] OpenFlow Switch Specification Version 1.1. Open Networking Foundation.
[2] I. Alsmadi and D. Xu. Security of software defined networks: A survey. Computers & Security, 53:79-108,
[3] R. Anderson. Security engineering. John Wiley & Sons,
[4] B. Anwer, T. Benson, N. Feamster, D. Levin, and J. Rexford. A slick control plane for network middleboxes. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pages ACM,
[5] D. D. Coleman, D. A. Westcott, B. E. Harkins, and S. M. Jackman. Certified wireless security professional official study guide,
[6] J. Crampton and M. Huth. Towards an access-control framework for countering insider threats. In Insider Threats in Cyber Security, pages Springer,
[7] V. Dangovas and F. Kuliesius. SDN-driven authentication and access control system. In The International Conference on Digital Information, Networking, and Wireless Communications (DINWC2014), pages The Society of Digital Information and Wireless Communication,
[8] S. C. David M. Upton. The danger from within. Harvard Business Review,
[9] Y. Desmedt and A. Shaghaghi. Function-Based Access Control (FBAC): From Access Control Matrix to Access Control Tensor. In Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats co-located with ACM CCS ACM, 2016.
[10] S. K. Fayazbakhsh, V. Sekar, M. Yu, and J. C. Mogul. Flowtags: Enforcing network-wide policies in the presence of dynamic middlebox actions. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pages ACM,
[11] H. H. Gharakheili, L. Exton, V. Sivaraman, J. Matthews, and C. Russell. Third-party customization of residential internet sharing using SDN. International Telecommunication Networks and Applications Conference (ITNAC),
[12] D. Kreutz, F. M. Ramos, P. Esteves Verissimo, C. Esteve Rothenberg, S. Azodolmolky, and S. Uhlig. Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1):14-76,
[13] W. Luo and U. Hengartner. Proving your location without giving up your privacy. In Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications, pages ACM,
[14] D. M. F. Mattos, L. H. G. Ferraz, and O. C. M. B. Duarte. Authflow: Authentication and access control mechanism for software defined networking.
[15] S. A. Mehdi, J. Khalid, and S. A. Khayam. Revisiting traffic anomaly detection using software defined networking. In Recent Advances in Intrusion Detection, pages Springer,
[16] M. Miettinen, N. Asokan, F. Koushanfar, T. D. Nguyen, J. Rios, A.-R. Sadeghi, M. Sobhani, and S. Yellapantula. I know where you are: Proofs of presence resilient to malicious provers. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pages ACM,
[17] J. Park and R. Sandhu. The UCON ABC usage control model. ACM Transactions on Information and System Security (TISSEC), 7(1): ,
[18] Z. A. Qazi, C.-C. Tu, L. Chiang, R. Miao, V. Sekar, and M. Yu. Simple-fying middlebox policy enforcement using SDN. In ACM SIGCOMM Computer Communication Review, volume 43, pages ACM,
[19] R. S. Sandhu and P. Samarati. Access control: principle and practice. Communications Magazine, IEEE, 32(9):40-48,
[20] S. Scott-Hayward, S. Natarajan, and S. Sezer. A survey of security in software defined networks. Communications Surveys Tutorials, IEEE, PP(99):1-1,
[21] S. Shin and G. Gu. Cloudwatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?). In Network Protocols (ICNP), th IEEE International Conference on, pages 1-6. IEEE,
[22] S. Subramanya and B. K. Yi. Digital rights management. Potentials, IEEE, 25(2):31-34,
[23] U. Toseef, A. Zaalouk, T. Rothe, M. Broadbent, and K. Pentikousis. C-BAS: Certificate-based AAA for SDN experimental facilities. In Software Defined Networks (EWSDN), 2014 Third European Workshop on, pages IEEE,
[24] P. Tsankov, S. Marinovic, M. T. Dashti, and D. Basin. Decentralized composite access control. Springer,
[25] Ulfar Erlingsson, Keynote. Advances in Cryptology ASIACRYPT 2011: 17th International Conference on the Theory and Application of Cryptology and Information Security, Seoul, South Korea, December 4-8, 2011, Proceedings
[26] N.-C. Wu, M. Nystrom, T.-R. Lin, and H.-C. Yu. Challenges to global RFID adoption. Technovation, 26(12): ,
[27] Yvo Desmedt, Keynote. Security and Privacy in Communication Networks: 7th International ICST Conference, SecureComm 2011, London, September 7-9, 2011.
Web-Based User Interface for the Floodlight SDN Controller
3175 Web-Based User Interface for the Floodlight SDN Controller Hakan Akcay Department of Computer Engineering, Istanbul University, Istanbul Email: hknakcay@gmail.com Derya Yiltas-Kaplan Department of
More informationInt. J. Advanced Networking and Applications Volume: 6 Issue: 3 Pages: (2014) ISSN :
2347 OpenFlow Security Threat Detection and Defense Services Wanqing You Department of Computer Science, Southern Polytechnic State University, Georgia Email: wyou@spsu.edu Kai Qian Department of Computer
More informationECIT Institute (Est.2003)
ECIT Institute (Est.2003) Research Excellence & Innovation 180 people 4 Queen s University Belfast Research Groups - Digital Communications - High Frequency Electronics - Speech, Imaging and Vision Systems
More informationOperationCheckpoint: SDN Application Control
OperationCheckpoint: SDN Application Control Scott-Hayward, S., Kane, C., & Sezer, S. (2014). OperationCheckpoint: SDN Application Control. In The 22nd IEEE International Conference on Network Protocols
More informationIntroduction and Statement of the Problem
Chapter 1 Introduction and Statement of the Problem 1.1 Introduction Unlike conventional cellular wireless mobile networks that rely on centralized infrastructure to support mobility. An Adhoc network
More informationSecurity improvement in IOT based on Software
International Journal of Scientific & Engineering Research, Volume 8, Issue 4, April-2017 122 Security improvement in IOT based on Software Raghavendra Reddy, Manoj Kumar, Dr K K Sharma Abstract With the
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More information2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media,
2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising
More informationSDN AND NFV SECURITY DR. SANDRA SCOTT-HAYWARD, QUEEN S UNIVERSITY BELFAST COINS SUMMER SCHOOL, 23 JULY 2018
SDN AND NFV SECURITY DR. SANDRA SCOTT-HAYWARD, QUEEN S UNIVERSITY BELFAST COINS SUMMER SCHOOL, 23 JULY 2018 Queen s University Belfast Lanyon Building Est. 1845 Centre for Secure Information Technologies
More informationEXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS
EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS Andry Putra Fajar and Tito Waluyo Purboyo Faculty of Electrical Engineering,
More informationSecurity Technologies for Dynamic Collaboration
Special Issue Advanced Technologies Driving Dynamic Collaboration Featuring System Technologies Security Technologies for Dynamic Collaboration By Hiroshi MIYAUCHI,* Ayako KOMATSU, Masato KAWATSU and Masashi
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationWeb Security Vulnerabilities: Challenges and Solutions
Web Security Vulnerabilities: Challenges and Solutions A Tutorial Proposal for ACM SAC 2018 by Dr. Hossain Shahriar Department of Information Technology Kennesaw State University Kennesaw, GA 30144, USA
More informationQUALITY OF SEVICE WITH DATA STORAGE SECURITY IN CLOUD COMPUTING
QUALITY OF SEVICE WITH DATA STORAGE SECURITY IN CLOUD COMPUTING ABSTRACT G KALYANI 1* 1. M.Tech Student, Dept of CSE Indira Institute of Engineering and Technology, Markapur, AP. Cloud computing has been
More informationStrengthening Network Security: An SDN (Software Defined Networking) Approach
Strengthening Network Security: An SDN (Software Defined Networking) Approach Pradeep Kumar Sharma 1, Dr. S. S. Tyagi 2 1 Ph.D Research Scholar, Computer Science & Engineering, MRIU, Faridabad, Haryana,
More informationReal-time Communications Security and SDN
Real-time Communications Security and SDN 2016 [Type here] Securing the new generation of communications applications, those delivering real-time services including voice, video and Instant Messaging,
More informationAvailable online at ScienceDirect. Procedia Computer Science 56 (2015 )
Available online at www.sciencedirect.com ScienceDirect Procedia Computer Science 56 (2015 ) 266 270 The 10th International Conference on Future Networks and Communications (FNC 2015) A Context-based Future
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationA Software-Defined Networking Security Controller Architecture. Fengjun Shang, Qiang Fu
4th International Conference on Machinery, Materials and Computing Technology (ICMMCT 2016) A Software-Defined Networking Security Controller Architecture Fengjun Shang, Qiang Fu College of Computer Science
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationA Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data
An Efficient Privacy-Preserving Ranked Keyword Search Method Cloud data owners prefer to outsource documents in an encrypted form for the purpose of privacy preserving. Therefore it is essential to develop
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationA Hybrid Hierarchical Control Plane for Software-Defined Network
A Hybrid Hierarchical Control Plane for Software-Defined Network Arpitha T 1, Usha K Patil 2 1* MTech Student, Computer Science & Engineering, GSSSIETW, Mysuru, India 2* Assistant Professor, Dept of CSE,
More informationA Framework for Enforcing Constrained RBAC Policies
A Framework for Enforcing Constrained RBAC Policies Jason Crampton Information Security Group Royal Holloway, University of London jason.crampton@rhul.ac.uk Hemanth Khambhammettu Information Security Group
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationHOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS
HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS Danielle M. Zeedick, Ed.D., CISM, CBCP Juniper Networks August 2016 Today s Objectives Goal Objectives To understand how holistic network
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationEnhanced Malware Monitor in SDN using Kinetic Controller
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727 PP 46-52 www.iosrjournals.org Enhanced Malware Monitor in SDN using Kinetic Controller Jiphi T S, Simi Krishna K R Department
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationSecure and QoS Aware Architecture for Cloud Using Software Defined Networks and Hadoop
Secure and QoS Aware Architecture for Cloud Using Software Defined Networks and Hadoop Abhijeet Desai [1], Nagegowda K S [3] Department of Computer Science and Engineering, PESIT Bangalore, 560085, India
More informationPaloalto Networks PCNSA EXAM
Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationA Comparative study of On-Demand Data Delivery with Tables Driven and On-Demand Protocols for Mobile Ad-Hoc Network
A Comparative study of On-Demand Data Delivery with Tables Driven and On-Demand Protocols for Mobile Ad-Hoc Network Humayun Bakht Research Fellow, London School of Commerce, United Kingdom humayunbakht@yahoo.co.uk
More informationCybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment
Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment SWG G 3 2016 v0.2 ISAO Standards Organization Standards Working Group 3: Information Sharing Kent Landfield, Chair
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More informationGDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ
GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationService Mesh and Microservices Networking
Service Mesh and Microservices Networking WHITEPAPER Service mesh and microservice networking As organizations adopt cloud infrastructure, there is a concurrent change in application architectures towards
More informationNGN: Carriers and Vendors Must Take Security Seriously
Research Brief NGN: Carriers and Vendors Must Take Security Seriously Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place
More informationSDN Security: A Survey
SDN Security: A Survey Scott-Hayward, S., O'Callaghan, G., & Sezer, S. (2013). SDN Security: A Survey. In 2013 IEEE SDN for Future Networks and Services (SDN4FNS) (pp. 1-7). Institute of Electrical and
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationSoftware-Defined Networking from Serro Solutions Enables Global Communication Services in Near Real-Time
A CONNECTED A CONNECTED Software-Defined Networking from Serro Solutions Enables Global Communication Services in Near Real-Time Service providers gain a competitive advantage by responding to customer
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationInterconnected Multiple Software-Defined Network Domains with Loop Topology
Interconnected Multiple Software-Defined Network Domains with Loop Topology Jen-Wei Hu National Center for High-performance Computing & Institute of Computer and Communication Engineering NARLabs & NCKU
More informationSecurity and resilience in Information Society: the European approach
Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu What s s ahead: mobile ubiquitous environments
More informationVideo-Aware Networking: Automating Networks and Applications to Simplify the Future of Video
Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video The future of video is in the network We live in a world where more and more video is shifting to IP and mobile.
More informationUsing SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall
Institute of Computer Science Chair of Communication Networks Prof. Dr.-Ing. P. Tran-Gia Using SDN and NFV to Realize a Scalable and Resilient Omni-Present Firewall comnet.informatik.uni-wuerzburg.de SarDiNe
More informationPerformanceAnalysisofDifferentOpenflowbasedControllerOverSoftwareDefinedNetworking
Global Journal of omputer Science and Technology: Software & Data Engineering Volume 18 Issue 1 Version 1.0 Year 2018 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationA Firewall Architecture to Enhance Performance of Enterprise Network
A Firewall Architecture to Enhance Performance of Enterprise Network Hailu Tegenaw HiLCoE, Computer Science Programme, Ethiopia Commercial Bank of Ethiopia, Ethiopia hailutegenaw@yahoo.com Mesfin Kifle
More informationIJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology
ISSN 2229-5518 321 Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology Abstract - Nowadays all are working with cloud Environment(cloud
More informationAnatomy of a Semantic Virus
Anatomy of a Semantic Virus Peyman Nasirifard Digital Enterprise Research Institute National University of Ireland, Galway IDA Business Park, Lower Dangan, Galway, Ireland peyman.nasirifard@deri.org Abstract.
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationOffice 365 Buyers Guide: Best Practices for Securing Office 365
Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.
More informationExam : Title : Security Solutions for Systems Engineers. Version : Demo
Exam : 642-566 Title : Security Solutions for Systems Engineers Version : Demo 1. Which one of the following elements is essential to perform events analysis and correlation? A. implementation of a centralized
More informationarxiv: v1 [cs.cr] 1 Apr 2018
Noname manuscript No. (will be inserted by the editor) Software-Defined Network (SDN) Data Plane Security: Issues, Solutions and Future Directions Arash Shaghaghi 1,3 Mohamed Ali Kaafar 2 Rajkumar Buyya
More informationScalable overlay Networks
overlay Networks Dr. Samu Varjonen 1 Contents Course overview Lectures Assignments/Exercises 2 Course Overview Overlay networks and peer-to-peer technologies have become key components for building large
More informationAnalysis of a Redactable Signature Scheme on Data with Dependencies
Analysis of a Redactable Signature Scheme on Data with Dependencies David Bauer School of ECE Georgia Institute of Technology Email: gte810u@mail.gatech.edu Douglas M. Blough School of ECE Georgia Institute
More informationSUMMERY, CONCLUSIONS AND FUTURE WORK
Chapter - 6 SUMMERY, CONCLUSIONS AND FUTURE WORK The entire Research Work on On-Demand Routing in Multi-Hop Wireless Mobile Ad hoc Networks has been presented in simplified and easy-to-read form in six
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationPresenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe
Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto
More informationCertification Report
Certification Report EAL 4+ Evaluation of Firewall Enterprise v8.2.0 and Firewall Enterprise Control Center v5.2.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationSynergy: Quality of Service Support for Distributed Stream Processing Systems
Synergy: Quality of Service Support for Distributed Stream Processing Systems Thomas Repantis Vana Kalogeraki Department of Computer Science & Engineering University of California, Riverside {trep,vana}@cs.ucr.edu
More informationSDN An opportunity for security by design?
SDN An opportunity for security by design? IEEE NetSoft Sec-VirtNet 2016 Sandra Scott-Hayward 10 June 2016 @CSIT_QUB Presenter Bio Dr Sandra Scott-Hayward, CEng CISSP CEH OCSA Senior Research Engineer
More informationNETWORKING. 8. ITDNW08 Congestion Control for Web Real-Time Communication
NETWORKING 1. ITDNW01 Wormhole: The Hidden Virus Propagation Power of a Search Engine in Social 2. ITDNW02 Congestion Control for Background Data Transfers With Minimal Delay Impact 3. ITDNW03 Transient
More informationCampus Network Design
Design Principles Campus Network Design 2003, Cisco Systems, Inc. All rights reserved. 2-1 2003, Cisco Systems, Inc. All rights reserved. BCMSN v2.0 2-2 Design Principles Task in Network Design Plan phase
More informationSDN-Based Network Security Functions for VoIP and VoLTE Services
SDN-Based Network Security Functions for VoIP and VoLTE Services Daeyoung Hyun, Jinyoug Kim, Jaehoon (Paul) Jeong, Hyoungshick Kim, Jungsoo Park, and Taejin Ahn Department of Software, Sungkyunkwan University,
More informationIN this letter we focus on OpenFlow-based network state
1 On the Impact of Networ State Collection on the Performance of SDN Applications Mohamed Aslan, and Ashraf Matrawy Carleton University, ON, Canada Abstract Intelligent and autonomous SDN applications
More informationA Survey of Self-Protecting Computing Systems
A Survey of Self-Protecting Computing Systems Essien Ayanam The Volgenau School of Engineering George Mason University Fairfax, Virginia, 22030, USA Email: eayanam@gmu.edu Outline Introduction Overview
More informationCyber Security Guidelines for Securing Home and Small Office Routers
Cyber Security Guidelines for Securing Home and Small Office Routers Author: CS Risk Management Section Document Published Date: March 2018 Document History: Version Description Date 1.0 Published V1.0
More information21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING
WWW.HCLTECH.COM 21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING THE AGE OF DISRUPTION: THE AGE OF CYBER THREATS While the digital era has brought with it significant advances in technology, capabilities
More informationPALANTIR CYBERMESH INTRODUCTION
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBERMESH INTRODUCTION Cyber attacks expose organizations to significant security, regulatory, and reputational risks, including the potential for
More informationSoftware Defined Networking Security: Security for SDN and Security with SDN. Seungwon Shin Texas A&M University
Software Defined Networking Security: Security for SDN and Security with SDN Seungwon Shin Texas A&M University Contents SDN Basic Operation SDN Security Issues SDN Operation L2 Forwarding application
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationMedigate and Palo Alto Networks Integration
Medigate and Palo Alto Networks Integration A Superior Security Solution for Connected Medical Devices Medigate and Palo Alto Networks have teamed together to deliver a best-in-class solution that addresses
More informationCountering Hidden-Action Attacks on Networked Systems
Countering on Networked Systems University of Cambridge Workshop on the Economics of Information Security, 2005 Outline Motivation 1 Motivation 2 3 4 Motivation Asymmetric information inspires a class
More informationSecurity for SIP-based VoIP Communications Solutions
Tomorrow Starts Today Security for SIP-based VoIP Communications Solutions Enterprises and small to medium-sized businesses (SMBs) are exposed to potentially debilitating cyber attacks and exploitation
More informationDetecting Suspicious Behavior of SDN Switches by Statistics Gathering with Time
Detecting Suspicious Behavior of SDN Switches by Statistics Gathering with Time Takahiro Shimizu, Naoya Kitagawa, Kohta Ohshima, Nariyoshi Yamai Tokyo University of Agriculture and Technology Tokyo University
More informationSecurity Research for Software Defined Network
, pp.87-93 http://dx.doi.org/10.14257/astl.2016.134.15 Security Research for Software Defined Network 1 Jianfei Zhou, 2 Na Liu 1 Admission and Employment Office, Chongqing Industry Polytechnic College
More informationEnable Infrastructure Beyond Cloud
Enable Infrastructure Beyond Cloud Tim Ti Senior Vice President R&D July 24, 2013 The Ways of Communication Evolve Operator s challenges Challenge 1 Revenue Growth Slow Down Expense rate device platform
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationFeatured Articles II Security Research and Development Research and Development of Advanced Security Technology
364 Hitachi Review Vol. 65 (2016), No. 8 Featured Articles II Security Research and Development Research and Development of Advanced Security Technology Tadashi Kaji, Ph.D. OVERVIEW: The damage done by
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationBIOEVENTS PRIVACY POLICY
BIOEVENTS PRIVACY POLICY At Bioevents, your privacy is important. Below you will find our privacy policy, which covers all personally identifiable data shared through Bioevents websites. Our privacy policy
More informationCertification Report
Certification Report Security Intelligence Platform 4.0.5 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More informationSECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE
SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE MAY 2017 A NEXOR WHITE PAPER NEXOR 2017 ALL RIGHTS RESERVED CONTENTS 3 4 5 6 8 9 10 11 12 14 15 16 INTRODUCTION THREATS RISK MITIGATION REFERENCE ARCHITECTURE
More informationCOURSE OUTLINE. Last Amendment Edition Procedure No. Lecturer /blog Room No. Phone No. / Name.
FACULTY OF COMPUTING Page 1 of 6 COURSE 0 PRE-REQUISITE none EQUIVALENCE CONTACT HOURS 4 Lecturer e-mail/blog Room No. Phone No. 1. Dr. Siti Hajar Othman hajar@utm.my / www.comp.utm.my/hajar 347-04, N8
More informationNetwork Working Group Request for Comments: 1984 Category: Informational August 1996
Network Working Group IAB Request for Comments: 1984 IESG Category: Informational August 1996 IAB and IESG Statement on Cryptographic Technology and the Internet Status of This Memo This memo provides
More informationIEEE ComSoc Distinguished Lecture Tour Australia, June 8-18, 2014 Ying-Dar Lin, IEEE Fellow National Chiao Tung University, TAIWAN July 5, 2014
IEEE ComSoc Distinguished Lecture Tour Australia, June 8-18, 2014 Ying-Dar Lin, IEEE Fellow National Chiao Tung University, TAIWAN July 5, 2014 DLT Planning This was my first DLT (Distinguished Lecture
More informationCloud Security Standards Supplier Survey. Version 1
Cloud Security Standards Supplier Survey Version 1 Document History and Reviews Version Date Revision Author Summary of Changes 0.1 May 2018 Ali Mitchell New document 1 May 2018 Ali Mitchell Approved Version
More informationClinical Segmentation done right with Avaya SDN Fx for Healthcare
Clinical Segmentation done right with Avaya SDN Fx for Healthcare The stark reality is that patients are at grave risk as malicious attacks on exposed medical equipment increase. Table of Contents Highlights...
More informationThe Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks
The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks Mark Nicolett Notes accompany this presentation. Please select Notes Page view. These materials
More informationSecurity: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration
Security: A Driving Force Behind Moving to the Cloud Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration 2017, Amazon Web Services, Inc. or its affiliates.
More information